Pop Quiz: Windows Server 2008 R2, Active Directory Configuration -- Configure RODC
Applies to the "Configuring Active Directory Roles and Services" objective of Exam 70-640 TS: Windows Server 2008 Active Directory Configuration.
Q: Which of the following must be present to enable credential caching on a read-only domain controller (RODC)?
- All DCs must be running Windows Server 2008
- All DCs must be running Windows Server 2008 R2
- There must be at least one writable domain controller in the domain
- The functional level for the domain and forest must be Windows Server 2003 or higher
Answer and explanation is below.
Answer is C and D: Credentials consist of a small set of approximately 10 passwords that are associated with user or computer accounts. By default a RODC does not store user or computer credentials. The administrator must explicitly allow any credential caching on an RODC.
Quick Tip: An RODC provides a way to deploy a domain controller more securely in locations that require fast and reliable authentication services but cannot ensure physical security for a writable domain controller.
Bonus Question: What are the steps required to perform an offline defragmentation of the Active Directory database? (Tweet your answer with #pop640c and get a chance to win a Redmond t-shirt! Deadline for entries is Wednesday, April 25.)
Answer to last week's bonus question: The Active Directory module for Windows PowerShell, ADSI Edit, and ldifde can all be used to create a PSO (Password Settings Object) in a domain to support FGPP (Fine-Grained Password and Account Lockout Policies).
Andy Barkl, CCNP, CCDP, CISSP, MCT, MVP, MCDST, MCSE: Security, MCSA: Security, MCSA: Messaging A+, CTT+, i-Net+, Network+, Security+, Server+, CNA, has over 20 years of experience in the IT field. He's the owner of MCT & Associates LLC, a technical training and consulting firm in Phoenix, Arizona. He enjoys dividing his time between teaching in the classroom, writing from his office and consulting on Cisco and Windows deployments. He's also the online editor for MCPMag.com, TCPMag.com, CertCities.com, and a contributing author and editor for Sybex and Cisco Press. He hosts a multitude of exam preparation chats monthly on MCPmag.com and CertCities.com.